Home | Community | Message Board

Avalon Magic Plants
This site includes paid links. Please support our sponsors.


Welcome to the Shroomery Message Board! You are experiencing a small sample of what the site has to offer. Please login or register to post messages and view our exclusive members-only content. You'll gain access to additional forums, file attachments, board customizations, encrypted private messages, and much more!

Jump to first unread post Pages: 1
Offlinedebianlinux
Myconerd - DBK
Male User Gallery

Folding@home Statistics
Registered: 12/09/02
Posts: 8,334
Loc: Over There
Last seen: 7 months, 1 day
ssh vs ICMP filtering
    #5508935 - 04/12/06 04:45 PM (17 years, 9 months ago)

so, i got a new cable modem connection and suddenly i cannot ping my modem address or traceroute or tunnel via ssh. the research i've done indicates that my ISP filters ICMP as some kind of "protect-me-from-the-hackers" service.

all fine and good, how the fuck do i get my ssh tunnel through this?
any pointers, links, or answers are much appreciated.


Extras: Filter Print Post Top
Offlinedebianlinux
Myconerd - DBK
Male User Gallery

Folding@home Statistics
Registered: 12/09/02
Posts: 8,334
Loc: Over There
Last seen: 7 months, 1 day
Re: ssh vs ICMP filtering [Re: debianlinux]
    #5508978 - 04/12/06 04:55 PM (17 years, 9 months ago)

fwiw, nmap tells me that the only port open on the last router to respond to the traceroute... iirc... is port 1720. even if the number is off i am certain it is a H.323 protocol port for VOIP which my cable provider happens to offer.


Extras: Filter Print Post Top
InvisibleautomanM
blasted chipmunk
 User Gallery

Registered: 09/18/03
Posts: 8,272
Re: ssh vs ICMP filtering [Re: debianlinux]
    #5509173 - 04/12/06 05:49 PM (17 years, 9 months ago)

your log look anything like this:
Code:

log[pptp_dispatch_ctrl_packet:pptp_ctrl.c:580]: Client connection established.
log[pptp_dispatch_ctrl_packet:pptp_ctrl.c:708]: Outgoing call established (call ID 0, peer's call ID 0).
log[decaps_gre:pptp_gre.c:215]: short read (4294967295): Protocol not available
log[callmgr_main:pptp_callmgr.c:245]: Closing connection
log[pptp_conn_close:pptp_ctrl.c:307]: Closing PPTP connection
log[call_callback:pptp_callmgr.c:88]: Closing connection



?


--------------------
No, no, you're not thinking, you're just being logical. ~ Niels Bohr


Extras: Filter Print Post Top
Offlinedebianlinux
Myconerd - DBK
Male User Gallery

Folding@home Statistics
Registered: 12/09/02
Posts: 8,334
Loc: Over There
Last seen: 7 months, 1 day
Re: ssh vs ICMP filtering [Re: automan]
    #5509448 - 04/12/06 07:00 PM (17 years, 9 months ago)

let me clear some stuff up.

the host machine is windows running the OpenSSH service.
the client machine is windows running PuTTY.
I have tried using a linux version of ssh from the client machine with the same results.
i have yet to try this with the host machine booted into linux.

i assume the logfile in question is the host logfile which isn't going to look like that being as it is on a windows box. the logfile that does exist on the windows box is empty.

there does not appear to be a logfile being created on the client machine.

i can try any configuration i wish as far as which OS is running on either end. the only little catch atm is that I'm normally trying this from work (hence windows) and I am currently at home and am having to use my neighbor's unsecured wireless connection to do the testing. he is using the same ISP as I am and therefore a tracerooute actually works but ping still does not. i have no idea if this is relevant but I figured I might as well speak up about it now.

you tell me how you want me to test the thing I'll make it happen.


Extras: Filter Print Post Top
InvisibleautomanM
blasted chipmunk
 User Gallery

Registered: 09/18/03
Posts: 8,272
Re: ssh vs ICMP filtering [Re: debianlinux]
    #5509530 - 04/12/06 07:19 PM (17 years, 9 months ago)

try running http://pptpclient.sourceforge.net/

it binds the GRE socket prior to calling the server


--------------------
No, no, you're not thinking, you're just being logical. ~ Niels Bohr


Extras: Filter Print Post Top
OfflineSeussA
Error: divide byzero

Folding@home Statistics
Registered: 04/27/01
Posts: 23,480
Loc: Caribbean
Last seen: 2 months, 20 days
Re: ssh vs ICMP filtering [Re: debianlinux]
    #5511127 - 04/13/06 04:53 AM (17 years, 9 months ago)

Call your ISP and ask them to open up tcp on port 22 on the router so that you can ssh into your machine remotely. I had my ISP open up a few of the lower ports that I use for various services (telnet, ftp, smtp, snmp, etc) and had them open up a block of higher addresses (23000-23015 tcp and udp) also. You will need to tell them what private IP address they need to forward the traffic to as well. In my case, I have a hardware firewall immediately after the ISP modem, so I have them forward all ports to the firewalls WAN address. I can then use the firewall to route the traffic to various machines on the private network.


--------------------
Just another spore in the wind.


Extras: Filter Print Post Top
Offlinedebianlinux
Myconerd - DBK
Male User Gallery

Folding@home Statistics
Registered: 12/09/02
Posts: 8,334
Loc: Over There
Last seen: 7 months, 1 day
Re: ssh vs ICMP filtering [Re: Seuss]
    #5511836 - 04/13/06 10:38 AM (17 years, 9 months ago)

so, you're saying that when you call your isp you actually get to talk to someone who knows what a port and/or tcp are or how to open it?

every time i have ever contacted my isp about legitimate issues on their network that i had a great deal of researched info to prove it was their miss i had to argue with several people at several levels over the course of several days to get the message to the right person.

i understand that I can do this but I would like to know if you have some magic ISP that employs people who can do more than read out of the step-by-step IE/Windows only book.


fwiw, i have found that you can get much farther with an ISP if you tell them up front that you do not have Windows, at all, anywhere. you immediately get past at least 2 hours worth of the "try this obvious dumb shit in IE" crap the low level techs are programmed to spew. otoh, most ISPs explicity disclaim any support for anything not Windows/IE... notably, the one I currently use.


Extras: Filter Print Post Top
Jump to top Pages: 1


Similar ThreadsPosterViewsRepliesLast post
* ICMP blocked by admin - Is there a way I can still use it? T0aD 1,469 14 02/21/04 02:45 PM
by mntlfngrs
* Http through SSH tunneling robbyberto 1,733 10 08/29/07 08:28 AM
by deimya
* ssh'ing Boom 1,185 9 02/28/07 09:16 PM
by Boom
* Bit torrent through SSH robbyberto 944 6 09/18/07 10:10 AM
by OJK
* SSH tunnel security robbyberto 830 6 02/04/08 09:24 PM
by robbyberto
* Nasa T.V EvilGir 582 0 12/29/03 10:02 PM
by EvilGir
* SSH from your mobile phone? abhi 503 1 06/15/05 04:22 PM
by kronnyQ
* Filtered pay channels for Cable Tv Oatman2000 2,368 17 07/11/06 02:07 PM
by Oatman2000

Extra information
You cannot start new topics / You cannot reply to topics
HTML is disabled / BBCode is enabled
Moderator: trendal, automan, Northerner
1,107 topic views. 0 members, 1 guests and 5 web crawlers are browsing this forum.
[ Show Images Only | Sort by Score | Print Topic ]
Search this thread:

Copyright 1997-2024 Mind Media. Some rights reserved.

Generated in 0.027 seconds spending 0.008 seconds on 14 queries.